RSA 2014: Three Key Remote Access Takeaways

This year, with cryptography and information security becoming higher profile than ever before, more than 25,000 attendees made the trip to San Francisco for RSA Conference, which was filled to the brim with interesting discussions of new trends, research and technology. Despite several prominent experts boycotting the event in light of the $10 million the NSA secretly paid RSA, the show still sold out seven months in advance and comedian Stephen Colbert braved the backlash to deliver an electric closing keynote address. Here are three main takeaways from the conference relating to remote access security:

The Internet of Things is growing, and we need to secure it.

The Internet of Things (IoT) was the conference’s number one buzzword, and attendees were concerned with securing the billions of connected devices that are currently proliferating. Quite distressingly, the general feeling at the conference was that the industry is not yet ready to secure devices such as household appliances, medical devices or connected cars. VPNs, however, can provide a solution to secure IoT communications, by ensuring that all of the information traveling between connected devices and users stays within an encrypted tunnel, and the industry as a whole should look towards adopting them more widely within devices.

Point solutions are no longer enough.

Attendees eagerly discussed everything from forensics to advanced persistent threats (APTs), but the common thread was the importance of integrated solutions. From a remote access security perspective, it was refreshing to hear professionals who work on other security components sharing that view. In fact, Network World identified integration as the number one element that security vendors are now focusing...

BYOD, Policy Compliance Top Remote Access Concerns at Interop New York 2013

Another Interop New York conference has come and gone, and as usual, there were plenty of thought-provoking discussions. Unsurprisingly, security was a hot topic at this year’s event, with BYOD and policy compliance receiving a lot of attention. For example, Dark Reading’s Tim Wilson believes that as enterprises are looking at technology providers to help their organizations manage BYOD, it is important to have plans and policies in place that look at the big picture of network security. Many Interop vendors and experts agree that enterprises are relying on third-party service providers more than ever before. Businesses are acknowledging the growing prominence of trends including BYOD and the cloud, and are trying to be more flexible in terms of what applications, operating systems and devices they are supporting. The problem is, many organizations simply don’t have the resources or technology to efficiently manage secure remote access to their corporate networks with in-house support only. Especially in small- and medium-sized businesses, where there is often a lack of IT security employees, let alone a department, providing employees with the wide range of remote access options they want is extremely difficult. The lack of resources does not only hinder an organization’s telecommuting flexibility. It can also impact—and be responsible for—inadequate employee education. Unfortunately, unless an enterprise has a rock solid BYOD plan in place, undereducated employees may unknowingly fall out of compliance and leave holes in a network’s security. Cyber criminals are constantly getting more adept in finding security flaws to access corporate networks, allowing them to alter, steal or destroy sensitive information. From that perspective, it’s simple to see why...

5 Ways to Keep Your Data Secure While Traveling to Interop NY

By Patrick Oliver Graf, General Manager, Americas of NCP engineering

When people travel, securing their data is often the last thing on their minds. However, the fact is that mobile devices, and the data contained within them, are extremely vulnerable to security breaches. By connecting to Wi-Fi hotspots in-between flights at airports and working on potentially unsecure wireless connections in places such as coffee shops, travelers leave themselves and their sensitive data open to attacks. Fortunately, there are several effective methods that Interop attendees can use to keep their devices and data secure as they travel to the Big Apple.

1. Employ Strong Passwords

A 2012 study by Joseph Bonneau of Cambridge University showed that password-cracking software is so efficient that using a cracking dictionary based on the 1,000 most common passwords would crack 8 percent of users’ passwords. Because modern hackers use cracking dictionaries that are based on a specific language and common password combinations, having a long password by itself isn’t enough. To ensure that your password isn’t compromised, choose one that is at least eight characters long, with upper- and lower-case letters, numeric and special characters. Choose uncommon words that are unlikely to be included in cracking dictionaries.

2. Avoid Unencrypted Connections

Yes, connecting to that free coffee shop Wi-Fi is tempting. It costs nothing, it’s in a comfortable location, and as you look around, you see that other conference-goers are connected to it and working away. However, it’s important to remember that public connections often require no authentication or password to log into, meaning that they’re completely open for anyone to access them, including hackers....

Black Hat 2013: Key Takeaways on Remote Access Security

With the books closed on what was quite possibly the most controversial Black Hat conference ever, let’s take a few minutes to reflect on all of the hot button issues relating to remote access that spurred vigorous discussions and debates at this year’s event. Here are a few of our favorite remote access-related topics from Black Hat 2013:

PRISM: A Spectrum of Opinions

When it was announced that NSA Director General Keith Alexander would be a keynote speaker, everyone attending knew they were in for an interesting show. He stood in front of a crowd of information security professionals and proclaimed, “If you disagree with what we’re doing, you should help make it better.” He’s right on that statement, but not for the reasons that he gave. It’s up to the information security industry in general to prevent programs like PRISM. More widespread use of technologies that make network communications difficult to intercept, such as VPNs, proxy servers, HTTPS and file encryption will certainly help, but a comprehensive network security framework is what is really necessary. Information security professionals need to work together to create open standards and improve network security across the board, so that programs that invade the privacy of users are not even feasible. IT security must go outside of the boundaries of individual components to prevent intrusions of all kinds by using an approach that lets organizations adjust their network security more rapidly if solutions interoperate than if components are siloed and not communicating.

Securing Privacy and Identities

Despite increasingly sophisticated security technologies such as biometrics, two-factor authentication, tokens, etc., hackers are becoming more adept...

Mobile Endpoint Security Limitations a Hot Topic at Interop Las Vegas 2013

*Editor’s note: This blog originally appeared as a guest post on the Interop Blog.

By: Rainer Enders, CTO, Americas at NCP engineering

The Android mobile platform and its oft-publicized security limitations, along with those of other mobile operating systems (OSs), are guaranteed to be a hot topic at this year’s Interop event. After all, they have even caught the attention of the American Civil Liberties Union (ACLU), which filed a complaint against the four major cellular carriers in the U.S. for not doing enough to protect the private information of subscribers using the Android OS. The security concerns associated with Android shouldn’t shock anyone. We’ve known there were problems for a long time now, and other popular platforms like iOS are not immune either. But, thanks to the bring-your-own-device (BYOD) and consumerization of IT trends, the implications of such issues are now much more significant. Enterprise network security architects and managers are limited in their abilities to secure certain remote access connections due to the lack of open APIs for security relevant functions, such as VPN and Device Firewall, in most mobile platforms. This also means that neither carriers nor enterprises can effectively deploy and manage such features built into a mobile OS to meet their specific security needs. So, if they choose to stick with the native security functions, if they exist at all, they are at the mercy of many limitations. The consumerization of mobile devices has led to another serious side effect: significant relevant security functions, required by major industry verticals and government entities around the world, are missing in action. It is clear that BYOD...

Meet NCP engineering's Patrick Oliver Graf at RSA 2013

The RSA Conference is right around the corner and this year, Patrick Oliver Graf, NCP’s General Manager of the Americas, will be on-site for two days, brushing elbows with other pioneers in the information security industry. With nearly two decades of technology sector experience, including extensive practice in networking security, Patrick will be available to discuss how NCP is at the forefront of mitigating security risks due to faulty or unsecure remote access connections. For instance, Patrick can explain how NCP is answering the demands of today’s mobile workforce with the integration of its Secure Enterprise VPN Server with Apple iOS devices, in addition to its IPsec clients for Android platforms. Patrick is also available to comment on how NCP’s Secure Enterprise Management (SEM) system simplifies the complexities of large scale VPN rollouts, securing its nomination year after year for renowned industry awards. If you are attending RSA 2013, February 25-March 1 in San Francisco, and are interested in meeting with Patrick at the conference, please contact sales@ncp-e.com to connect for scheduling. For more information about RSA 2013, see here. For more information about NCP, visit us on LinkedIn, Twitter, or...